joernio
Missing Javascript flow across files
@yzn12345 Just wanted to add that there are some cases where the flow is tracked accurately.
In a working example we have two files, file1.js and file2.js. Using the queries of below give the result of flows.sizebeing 1
def source = cpg.literal.codeExact("42")
def sink = cpg.call("log")
def flows = sink.reachableByFlows(source)
file1.js
function test (arg){
console.log(arg+4)
}
module.exports = {test}
file2.js
const imp = require("./file1");
const literal = 42
imp.test(literal)
Yes, that's why I renamed the issue. I wanted to make sure people don't think we don't track across files. We do, there just seems to be a bug here for some cases.
@yzn12345 Just wanted to add that there are some cases where the flow is tracked accurately.
In a working example we have two files, file1.js and file2.js. Using the queries of below give the result of
flows.sizebeing 1
def source = cpg.literal.codeExact("42")def sink = cpg.call("log")def flows = sink.reachableByFlows(source)file1.js
function test (arg){ console.log(arg+4) } module.exports = {test}file2.js
const imp = require("./file1"); const literal = 42 imp.test(literal)
@Tobiasfro Hi, in the example you provided, when using CommonJS require to import the module, the data flow is not tracked accurately, resulting in flows.size being 0. However, when using ES6 import to import the module, the data flow is tracked correctly, and flows.size is 1.
I would be interested to know the reason behind this difference in behavior. Is there a known limitation or difference in how jssrc2cpg handles CommonJS and ES6 module systems? Or could there be an issue with the test case itself?
